Stor-A-File cyberattack: data dumped on the dark web

new gdpr rules for international data transfer

The latest developments in the recently discovered Stor-A-File cyberattack are concerning. After the company refused to pay a ransom demand issued by the hackers behind the attack, what has been described as tens of thousands of files have now reportedly been dumped on the dark web.

It is understood that Store-A-File refused to meet the demands of the ransom, which was reportedly set at £3m in Bitcoin, on the advice of authorities. Unfortunately, the hackers appear to have followed through on their threats and have now exposed information caught up in the data breach on the dark web. It could now be exploited by criminals, and victims will need to remain incredibly vigilant.

We recently reported on the Lister Fertility Clinic data breach as one of the organisations that were caught up in the Stor-A-File cyberattack. Some 1,700 patients had reportedly been corresponded with to advise of their potential involvement in the breach as a company using Stor-A-File for scanning services. It is thought that some 13 organisations may be affected in all, and these are understood to include the NHS, GP surgeries, local councils, and some private sector companies including law firms and accountants.

Possible impact of the Stor-A-File cyberattack

The possible impact of the Stor-A-File cyberattack on the victims could be substantial. We understand that incredibly personal and sensitive medical information has now been exposed as a result of the data breach, and this may now be in the hands of criminals.

Firstly, it is bad enough that victims can suffer understandable distress when their personal information is exposed in such a way. If criminals then go on to contact victims directly and try to demand ransoms from them, or use stolen information for fraud or ID theft, the worst news may yet to have come.

We know from our long years of experience in this area of law that criminals can be incredibly clever in how they use exposed data to try to steal or extort money at the expense of the victims. With personal and sensitive medical information involved, those affected will need to be extremely vigilant of falling victim to serious crime.

What can victims of the cyberattack do?

Victims of the Stor-A-File cyberattack could be entitled to pursue a claim for data breach compensation. Victims may be eligible to recover damages for any distress caused by the loss of control of their personal information.

It is common in medical and NHS data breach compensation cases for the impact to be severe, as outlined above. We will always look to make sure that any damages settlement truly reflects what you have had to endure as a victim of this kind of data breach.

We are taking claims on now, and victims can contact our experienced legal team now for free, no-obligation advice.

No Win, No Fee legal representation now

If you have suffered as a result of your personal information being exposed in this cyberattack, or in any other kind of data breach, we may be able to help you. Not only could we represent you for a legal case, for eligible clients, we are also able to offer No Win, No Fee representation.

This means that, subject to the terms and conditions as agreed, we are happy to write off our legal fees if the claim does not succeed. You can read more about how our No Win, No Fee works here.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

Request a Callback from our team!

Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.